Key Response Steps for Businesses Impacted by Recent Global Cyberattack Exposing the Personal Information of Millions

White & Case LLP

As of this morning, several US federal agencies and the personal information of 3.5 million Oregon and Louisiana residents have been compromised in a cyberattack affecting companies and government agencies across the globe. The cyberattack has been attributed to the CL0P Ransomware Gang, which exploited vulnerabilities in widely used file transfer software (MOVEit). Given the global scope of this cyberattack, businesses should take steps to ensure that their systems and data are secure. Specifically, businesses should consider the following steps to protect against, investigate and respond to this global cyberattack campaign, as well as our incident response flow chart.

Protect

Even in the absence of any evidence of compromise, businesses should be proactive in securing their information technology systems and data by:

  • assessing systems and networks, including:
    • reviewing logs and alerts for unusual behavior;
    • updating any signatures for endpoint detection or network monitoring;
    • ensuring software is patched and updated; and
    • strengthening remote access controls (i.e., MFA), as needed;
  • monitoring and controlling any traffic from organizations affected by the cyberattack; and
  • testing data backup and restoration procedures to ensure resiliency.

Investigate

If a business is impacted by the cyberattack, it should:

  • initiate an investigation and consider engaging a forensic investigation firm to assist with determining the scope, nature and impact of the incident;
  • assemble an incident response team to coordinate and execute the investigation, and address stakeholder concerns;
  • take specific action to stop the incident and contain its impact; and
  • determine and eliminate the cause of the incident.

Respond

While the investigation is occurring, a business should also:

  • assess the necessity of paying the ransom and develop a negotiation approach;
  • consider potential regulatory scrutiny for paying ransom benefiting sanctioned entities;
  • address whether notification to potentially affected individuals or entities or to any other third parties (business partners, shareholders, investors, regulators), or disclosure in public filings, is legally or contractually required;
  • develop a plan for communicating with the board of directors, executive management and personnel; and
  • carefully prepare public communications only as needed.
